Results from this survey provide the answer to solving security problems.

Organizations are continuing to invest more in application security. Last year more than one-third of those surveyed did not have an Appsec program in place. More than 80% have formal programs in place, and most of these organizations are doing something about Appsec now or are planning to implement a program in the coming year. More organizations will spend more on application security next year (more than 58% plan to increase spending in the next 12 months).

So far, however, most of these programs are not proving to be effective.

Organizations continue to rely heavily on looking for security vulnerabilities after the fact (using black box dynamic testing and vulnerability scanning tools and services, as well as pen testing) and blocking these vulnerabilities with application firewalls and intrusion prevention systems. The good news is that organizations are taking advantage of better tools and online services to test their applications for security vulnerabilities much more frequently, even testing continuously, which could dramatically shorten vulnerability windows—if developers can fix the bugs when they are found.

The bad news is that organizations are not attacking the root cause of application security problems. Download this paper to learn more.